KB5004779 install on stand-alone CU20 box broke ECP/OWA!

Steve Bottoms 96 Reputation points

Good morning. Box in question is stand-alone Ex2016 CU20. Installed KB5004779 this weekend; aside from temporarily borking all Content Indexes, I'm now getting a certificate-related error on this machine only: "ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 " Even though I'm trying to get into the ECP web, the error is being reported as "Server error in '/owa' Application. I'm not going to install this on my DAG members until I can resolve this cert/owa/ecp issue.

Anyone see this when installing KB5004779? Suggestions appreciated!

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,426 questions
{count} votes

Accepted answer
  1. Steve Bottoms 96 Reputation points

    Turns out the expired self-signed Exchange Server Cert may have been the issue after all... https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired

    Note on the above referenced article: the sample publishes the new cert to ALL Org Exchange Servers; use with caution if you only want it pushed to a single server.

    Thanks for reading!

0 additional answers

Sort by: Most helpful